Trojan Alert. A team of ESET researchers led by Lukas Stefanko discovered a hidden malware in the iRecorder application for Android devices, which, under the guise of an innocent screen recorder, steals audio through the device’s microphone and transmits it to third parties Is.
The app didn’t always work this way. In fact, since its launch in September 2021, it has worked for exactly what it was designed for: record the screen. However, researchers believe that with an update in August 2022, it began recording one minute of audio every 15 minutes.
The Trojan added to the clean version of iRecorder is based on the open source “AhMyth Android RAT (Remote Access Trojan)”. Along with its screen recording capabilities, the app then gained the power to capture audio through the device’s microphone and transmit it to the attacker’s command and control (C&C) servers.
Furthermore, once updated it was capable of extracting saved web pages, images, audios, videos, documents and files with extensions belonging to compressed file formats from the target device.
removed apps
This infected app was able to affect users with Android devices that had installed a version of iRecorder older than version 1.3.8, as they unknowingly exposed their data and files to AhRat “without even giving permission to the app”. Will have given
However, from ESET they have pointed out that the malicious application has already been removed from Google Play, and they have elaborated that “preventive measures” against this type of malicious action have already been implemented in Android 11 and higher versions Are.
